author | netblue30 <netblue30@protonmail.com> | 2021-07-04 08:21:06 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-07-04 08:21:06 -0400 |
commit | c32924b825a4225d4924222c0584087c0270a670 (patch) | |
tree | 2298835f1c8c79d1fa416af9d227c3ff309382bd /src | |
parent | allow/deny help and man pages (diff) | |
deprecated whitelist=yes/no in /etc/firejail/firejail.config
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 1 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 28 | ||||
-rw-r--r-- | src/firejail/profile.c | 14 |
4 files changed, 12 insertions, 32 deletions
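--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -106,7 +106,6 @@ int checkcfg(int val) {
 PARSE_YESNO(CFG_FIREJAIL_PROMPT, "firejail-prompt")
 PARSE_YESNO(CFG_FORCE_NONEWPRIVS, "force-nonewprivs")
 PARSE_YESNO(CFG_SECCOMP, "seccomp")
-PARSE_YESNO(CFG_WHITELIST, "whitelist")
 PARSE_YESNO(CFG_NETWORK, "network")
 PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network")
 PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title")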
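--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -776,7 +776,6 @@ enum {
 CFG_NETWORK,
 CFG_RESTRICTED_NETWORK,
 CFG_FORCE_NONEWPRIVS,
-CFG_WHITELIST,
 CFG_XEPHYR_WINDOW_TITLE,
 CFG_OVERLAYFS,
 CFG_PRIVATE_BIN,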
diff --git a/src/firejail/main.c b/src/firejail/main.c index b97b1f6ad..f64994e02 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1602,28 +1602,20 @@ int main(int argc, char **argv, char **envp) { | |||
1602 | 1602 | ||
1603 | // whitelist | 1603 | // whitelist |
1604 | else if (strncmp(argv[i], "--whitelist=", 12) == 0) { | 1604 | else if (strncmp(argv[i], "--whitelist=", 12) == 0) { |
1605 | if (checkcfg(CFG_WHITELIST)) { | 1605 | char *line; |
1606 | char *line; | 1606 | if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1) |
1607 | if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1) | 1607 | errExit("asprintf"); |
1608 | errExit("asprintf"); | ||
1609 | 1608 | ||
1610 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1609 | profile_check_line(line, 0, NULL); // will exit if something wrong |
1611 | profile_add(line); | 1610 | profile_add(line); |
1612 | } | ||
1613 | else | ||
1614 | exit_err_feature("whitelist"); | ||
1615 | } | 1611 | } |
1616 | else if (strncmp(argv[i], "--allow=", 8) == 0) { | 1612 | else if (strncmp(argv[i], "--allow=", 8) == 0) { |
1617 | if (checkcfg(CFG_WHITELIST)) { | 1613 | char *line; |
1618 | char *line; | 1614 | if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1) |
1619 | if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1) | 1615 | errExit("asprintf"); |
1620 | errExit("asprintf"); | ||
1621 | 1616 | ||
1622 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1617 | profile_check_line(line, 0, NULL); // will exit if something wrong |
1623 | profile_add(line); | 1618 | profile_add(line); |
1624 | } | ||
1625 | else | ||
1626 | exit_err_feature("whitelist"); | ||
1627 | } | 1619 | } |
1628 | else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) { | 1620 | else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) { |
1629 | char *line; | 1621 | char *line; |
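Review bot: The `--whitelist=` and `--allow=` branches are now identical apart from the prefix length (12 vs 8), so the alias relationship is only implied by two copies of the same code. A one-line comment on the second branch, `// --allow= is an alias of --whitelist=; both emit a "whitelist" profile line`, would document it, and moving the shared asprintf / profile_check_line / profile_add sequence into one static helper would keep the two from drifting apart. With the config gate removed, `profile_check_line()` is the only validation of the user-supplied path before `profile_add()`, which is worth stating in that comment. Both branches sit inside main()'s option loop, which starts and ends outside the hunk.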
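--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1589,18 +1589,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 else if (strncmp(ptr, "noblacklist ", 12) == 0)
 ptr += 12;
 else if (strncmp(ptr, "whitelist ", 10) == 0) {
-if (checkcfg(CFG_WHITELIST)) {
-arg_whitelist = 1;
-ptr += 10;
-}
-else {
-static int whitelist_warning_printed = 0;
-if (!whitelist_warning_printed) {
-warning_feature_disabled("whitelist");
-whitelist_warning_printed = 1;
-}
-return 0;
-}
+arg_whitelist = 1;
+ptr += 10;
 }
 else if (strncmp(ptr, "nowhitelist ", 12) == 0)
 ptr += 12;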
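Review bot: With the `checkcfg(CFG_WHITELIST)` gate gone, a `whitelist ` line always sets `arg_whitelist = 1`, and the one-time `warning_feature_disabled("whitelist")` message goes with it, so a host whose firejail.config still carries `whitelist no` gets no hint from this function that the setting has stopped applying. checkcfg.c no longer parses the key in this commit, and how a leftover line is handled there is not visible in these hunks, so it is worth confirming that it produces a clear deprecation message rather than an unexplained failure or silence. A short comment on the branch, such as `// whitelist can no longer be disabled via firejail.config`, would record the behaviour change for the next reader. profile_check_line() starts and ends outside the hunk.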